[cap-talk] Microsoft [correction]

Karp, Alan H alan.karp at hp.com
Mon Sep 28 10:19:40 PDT 2009


Mark Miller wrote:
> 
> I agree. All the seeds for the bad Singularity access control design
> were planted as of this paper and
> <http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.36.691>. Both
> Abadi and Plotkin were authors of this earlier paper, demonstrating
> that even brilliant formalists with great taste can still go off the
> deep end when pursuing the wrong premises.
>
Abadi may be brilliant, but I don't recall ever reading one of his papers on access control that looked right to me.  I blame it on his association with Lampson, who seems to be the source of many of the ideas used in bad designs.  For example, Lampson's generalized speaks-for could be used to build a capability system, but everyone, including Lampson, makes the root of trust an ACL indexed by principal id.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp



